
Lalo Ransomware

Posted: April 15, 2020

The Lalo Ransomware is a file-locking Trojan that's a part of a Ransomware-as-a-Service family named STOP Ransomware or Djvu Ransomware. The Lalo Ransomware can keep users from accessing files by encrypting them and holds them for ransom. Backups are a nearly-mandatory recovery solution for most users, although respected anti-malware products should delete the Lalo Ransomware safely.

A Trojan to 'STOP' Your Files Dead in Their Tracks

Ransomware-as-a-Service, which is after money and nothing else, continues to dominate the threat landscape, even though the RaaS model has changed little in recent years. The standard approach of compromising users with weak security, encrypting their files securely, and dropping a ransom demand in a pop-up or text file remains profitable for threat actors, at least in theory. The Lalo Ransomware follows this formula to a tee, as a member of the enormous STOP Ransomware family.

The STOP Ransomware, or Djvu Ransomware, is a group of Trojans noted for favoring Southeastern island nations and nearby regions, although some attacks reach as far abroad as the Middle East. The family's distribution methods consist of brute-forcing servers with bad passwords and circulating corrupted, mislabeled torrents. Software pirates and server admins, therefore, are equally at risk from the Lalo Ransomware and its relatives, such as the Kodc Ransomware, the Nosu Ransomware, the Jope Ransomware and the Remk Ransomware.

The AES and RSA encryption that the Lalo Ransomware uses for 'locking' documents, pictures, audio, and other media is its greatest claim to fame among its victims. Beyond having trouble opening their work and other files, however, users also may experience problems loading websites (due to the Trojan's changes to the Hosts file) and restoring backups (thanks to its Shadow Copy deletion).

The Challenge of Undoing Trojan Meddling

Resetting the Hosts file is an easy enough task for any user, even ones with a casual knowledge of the Windows OS. The opposite, however, is the case for the Lalo Ransomware's encryption, which is unbreakable, in most scenarios, without the threat actor's help. Additionally, paying the ransom that it asks for (in a dropped text file) isn't a definite way of getting the unlocking key and, with it, all the hostage media.
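One way to spot the Hosts file tampering described above, and to decide whether a reset is actually needed, is to parse the file and list every entry that sends a real hostname to a loopback or blackhole address. This is an added example, not code from the page or from any vendor; the sample file contents are constructed, and the hostnames in it are placeholders rather than indicators taken from the Trojan.

```python
import ipaddress
from typing import List, Tuple

# Entries a stock Windows hosts file may legitimately carry.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample file (not a real capture). The header comment mimics the
# stock file; the trailing lines imitate the kind of lock-out entries a
# file-locking Trojan adds so that certain sites stop resolving.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test security-vendor.test  # two names, one line
0.0.0.0         downloads.example.test
192.0.2.10      intranet.corp.test     # override to a routable host, not a sinkhole
"""

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, one per hostname, skipping comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # malformed: address with no names
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                             # first field is not an IP address
        pairs.extend((addr, name.lower()) for name in names)
    return pairs

def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Entries that sinkhole a hostname (loopback or 0.0.0.0/::), minus the stock ones."""
    flagged = []
    for addr, name in parse_hosts(text):
        if (addr, name) in DEFAULT_ENTRIES:
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            flagged.append((addr, name))
    return flagged

if __name__ == "__main__":
    # On a live system read C:\Windows\System32\drivers\etc\hosts instead.
    for addr, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"sinkholed: {name} -> {addr}")
```

Entries that point a name at a routable address (the 192.0.2.10 line) are not flagged here, since they redirect rather than block; list them separately if your baseline should not contain any overrides at all.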

Because of the recurring problems with decrypting this family's payload, malware researchers ask that Windows users follow appropriate protective guidelines. Saving backups to other devices, turning macros off, installing security patches, turning off RDP features, using careful passwords, and avoiding illicit downloads are all helpful. Content such as Word or PDF documents, MP3s and MP4s, archives, and pictures like JPGs and GIFs are among the formats most at risk from all file-locking Trojans.

While these issues remain, the STOP Ransomware is not notably self-obfuscating and has limited defensive features. Most anti-malware tools should intercept and delete the Lalo Ransomware, like its dozens of other variants.

A ransom of nearly one thousand dollars is far beyond the cost of the average backup solution, both for hardware and software. A penny saved isn't always a penny earned, as file-locker Trojans like the Lalo Ransomware will prove with glee.
